Administrators using Sophos security solutions may have been bothered by a number of false-positive alarms in recent days. The issue has since been fixed, and the cause is now known.
This is just a brief piece of information I have from last week. Admins of Sophos security solutions received the following warning that a threat (security issue) had been discovered on the network:
> **[CRIT-861] Advanced Threat Protection Alert**
> Advanced Threat Protection
> A threat has been detected in your network
> The source IP/host listed below was found to communicate with a potentially malicious site outside your company.
> Details about the alert:
> Threat name....: C2/Generic-A
> Details........: http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx
> Time...........: 2019-04-04 18:49:03
(Source: Sophos)
This weekend I came across this post at administrator.de with a hint about the cause. The whole thing is described in the Sophos forum (Advisory: Sophos UTM – ATP is blocking traffic to Windows Update server (93.184.221.240)). The background was a blocked IP address used by Microsoft Update. Sophos has provided an update, which should be installed. Was anyone affected?
Yep, it got me too. In my case, though, only internal servers, mainly DCs, were flagged. I assumed it was a false alarm and carried on with my vacation. ;-)